IOCReport

Files

File Path | Type | Category | Malicious
SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe.log | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | clean
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvugezh2.wz1.ps1 | very short file (no magic) | dropped | clean
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s5qjmgej.qvv.psm1 | very short file (no magic) | dropped | clean
C:\Users\user\Documents\20210915\PowerShell_transcript.116938.uyj91fg0.20210915131948.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe | 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe' | malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe' | malicious
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Mardom.MN.15.10720.exe | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

URLs


Domains

Name | IP | Malicious
insergejk.com | 64.202.184.79 | malicious
mail.insergejk.com | unknown | malicious

IPs

IP | Domain | Country | Malicious
64.202.184.79 | insergejk.com | United States | malicious

Memdumps

Base Address | Region type | Protect | Malicious
2612000 | unknown | page read and write | malicious
2BF1000 | unknown | page read and write | malicious
402000 | unknown | page execute and read and write | malicious
3609000 | unknown | page read and write | malicious
4EE4000 | unknown | page read and write | clean
C34000 | unknown | page read and write | clean
2B0B000 | unknown | page read and write | clean
4ED4000 | unknown | page read and write | clean
7FF56D780000 | unknown image | page readonly | clean
C34000 | unknown | page read and write | clean
4EF8000 | unknown | page read and write | clean
228B0020000 | unknown image | page readonly | clean
C34000 | unknown | page read and write | clean
C34000 | unknown | page read and write | clean
7E0000 | unknown image | page read and write | clean
4EEE000 | unknown | page read and write | clean
7FF56DABE000 | unknown image | page readonly | clean
C40000 | unknown | page read and write | clean